Encrypting passwords for use in Apache AuthUserFile files

I was having a problem with managing with PHP my AuthUserFiles in Apache, namely that in the Windows environment crypt is not supported, and php's md5() and sha1() did not generate encrypted text that was readily compatible with Apache's password encryption routines. After digging around on the Internet, I found some code on Patrick R. Michaud's webpage at the University of Oulu in Finland (http://www.student.oulu.fi/~samiantt/scripts/authuser.php
) , which illustrated techniques for generating compatible encrypted text. I adapted his code so that you can encrypt passwords in a format that can be stored readily into an AuthUserFile.

The main function is encrypt_password_for_apache() which takes two arguments. The first argument is the plain text of the password to be encrypted, and the second argument is the encryption type desired. Currently the code supports MD5 Message-Digest ("MD5") and US Secure Hash ("SHA"), and standard DES encryption (by default). The second function is generate_salt() which generates a random salt value to the length specified, and this is called from within encrypt_password_for_apache().

If you take the encrypted password, and store it into the AuthUserFile with the corresponding login name, you can manage access to an Apache website using Basic Authentication.